CWE-80

High likelihood

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Parent: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.

538 vulnerabilities with CWE-80
CVE-2017-20035 LOW
phplist 3.2.6 - Stored Cross-Site Scripting in Subscribe Component
CVSS 3.5
CVE-2017-20034 LOW
phplist 3.2.6 - Stored Cross-Site Scripting in List Name Component
CVSS 3.5
CVE-2017-20033 MEDIUM
phplist 3.2.6 - Reflected Cross-Site Scripting via Page Parameter
CVSS 4.3
CVE-2017-20027 MEDIUM
HumHub < 1.1.1 - Cross-Site Scripting
CVSS 4.3
CVE-2017-20026 MEDIUM
HumHub < 1.1.1 - Reflected Cross-Site Scripting
CVSS 4.3
CVE-2017-16043 MEDIUM
shout 0.44.0-0.49.3 - Cross-Site Scripting via /topic Command
CVSS 6.1
CVE-2017-16015 MEDIUM
forms < 1.3.0 - Cross-Site Scripting via Improper HTML Escaping
CVSS 6.1
CVE-2016-9500 MEDIUM
Accellion FTP Server < FTA_9_12_220 - Cross-Site Scripting via Accusoft Prizm Content Flash Parameters
CVSS 6.1
CVE-2016-9493 MEDIUM
jqueryform php_formmail_generator < 2016-12-17 - Stored Cross-Site Scripting via Incomplete PHP Extension Blacklist
CVSS 6.1
CVE-2014-2353
Cogent DataHub < 7.3.5 - Cross-Site Scripting
CVE-2008-10001 MEDIUM
Pro2col Stingray FTS - Cross-Site Scripting via Username Parameter
CVSS 5.5
CVE-2006-0149 MEDIUM
simpbook 1.0 - Cross-Site Scripting via Message Field
CVSS 6.1
CVE-2003-5003 MEDIUM
ISS BlackICE PC Protection - Cross-Site Scripting in Update Handler
CVSS 5.0
Details
Vulnerabilities 538
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits